Key Responsibilities
The IT Governance, Risk Management and Compliance Analyst plays a critical role in ensuring effective organizational governance, risk management and compliance.
Governance
• Develops comprehensive IT governance policies, processes and procedures to align with multiple regulatory requirements, including NIS2, PART-IS, AVSEC.
• Collaborates with cross-functional teams to enhance IT governance initiatives and drive business value.
• Designs training programs to improve IT governance understanding across the organization.
• Works closely with Safety and Security teams to ensure alignment between Governance Activities (IT, Safety, Security).
Risk Management
• Oversees the IT Risk Register, ensuring team commitment to mitigate or eliminate risks.
• Conducts thorough Risk Assessments of IT Systems (existing and newly proposed) to identify potential vulnerabilities.
Compliance
• Ensures adherence to relevant legal and regulatory standards, including NIS, NIS2, Part IS, AvSec, GDPR.
• Implements Information Security Management System (ISMS) tooling to streamline compliance efforts and achieve Continuous Compliance.
• Facilitates tabletop exercises to ensure IT and Leadership teams respond effectively to documented policies and procedures.
• Coordinates IT audits and compliance reviews, recording and managing feedback items received from these activities.
Qualifications, Skills, and Experience
The ideal candidate will possess:
• A Bachelor's degree in IT, Computer Science, or related field. Alternatively, substantial relevant experience will be considered.
• 3+ years' experience in a Compliance or Cyber Security focused role, with an interest in transitioning into an IT GRC role.
• Certification in CISA, CRISC, or CISSP is preferred but not essential.
• Project experience with ISO-, NIS/NIS2, AVSEC, PART-IS regulations is preferred but not essential.
• Familiarity with risk management methodologies and compliance tools.
• A track record of contributing to the achievement of regulatory compliance.
• Excellent communication, problem-solving, and analytical skills.
• Strong grasp of cyber security concepts.